Virus in System restore folder

Discussion in 'other anti-virus software' started by The Black Widow, Jul 13, 2004.

Thread Status:
Not open for further replies.
  1. Hi,

    My antivirus found some infected files in:
    D:\System Volume Information\Restore

    But I have disabled System Restore, and when I choose to display even hidden files and folders I have no System Volume Information folder in D drive.

    So what happened, and how do I delete this folder?

    Thanks
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    What is the name of the virus?

    Have you tried rebooting your PC? This should empty the System Restore folder. Failing this, reboot your PC into Safe Mode and try running a scan then.

    Hope this helps...

    Cheers :D
     
  3. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    Hi Black Widow,

    Does the "restore" folder display as _Restore, or -Restore? If so, I would d/l and run AdAware, or Spybot S&D and see if it can remove the folder's contents.

    Some users have reported success by running Trend Micro's Housecall, which you can find at:

    www.trendmicro.com

    We have actually had to remove an infestation of this pest by booting to a command prompt and manually deleting the folder using DOS commands--*that* finally nuked the sucker. The folder you're describing is not visible while Windows is running, but *is* visible in DOS mode.

    Good luck, and keep us posted.
    ;)
     
  4. The restore folder displays as _restore.
    But I don't care much about the virus; my antivirus deleted the file. What I would like is to delete this System Volume Information folder, as I have disabled the System Restore feature, so such a file is of no use to me :)

    Thanks a lot :)
     
  5. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    If you're using XP or 2K, you can boot to a command prompt, and use the rmdir command. I'd google rmdir to make sure you get the correct syntax for your situation.

    Make sure you know what you're doing before you go deleting directories.

    Good luck!
    ;)
     
  6. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    If your system, apart from the restore folder, is clean, can you not create a new restore point then use disc cleanup/more options to delete all but the latest "clean" restore point?
     
  7. VikingStorm

    VikingStorm Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    387
    When you disable System Restore, all the previous restore points are deleted automatically (a strange quirk of the program). (Or at least it does for me.)
     
  8. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    That's what I would expect, but something seems not to be working correctly. It might be worth re-enabling it, creating a restore point and seeing if you can delete the infected one that's causing the problem. You can always disable restore afterwards; it would only take a minute or 2, and what's there to lose?
     
  9. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Try this: change the security settings for your System Volume Information folder to allow you full access to it (by default, usually only the system is allowed this). You'll have to change from simple file sharing to do this. You can then go into the System Volume Information folder and manually delete the restore points that are stored there. I just tried this on my system and can delete what I want to out of there.
     